Fix collision in host networking

Dockerfile

@@ -260,7 +260,7 @@ ENV NVIDIA_DRIVER_CAPABILITIES=all
 # Disable VSYNC for NVIDIA GPUs
 ENV __GL_SYNC_TO_VBLANK=0
 # Set default DISPLAY environment
-ENV DISPLAY=":0"
+ENV DISPLAY=":20"
 
 # Anything above this line should always be kept the same between docker-nvidia-glx-desktop and docker-nvidia-egl-desktop
 
@@ -586,7 +586,6 @@ turnserver \
     --external-ip=\"\${SELKIES_TURN_HOST:-\$(curl -fsSL checkip.amazonaws.com)}\" \
     --min-port=\"\${TURN_MIN_PORT:-49152}\" \
     --max-port=\"\${TURN_MAX_PORT:-65535}\" \
-    --no-udp-relay \
     --channel-lifetime=\"\${TURN_CHANNEL_LIFETIME:--1}\" \
     --lt-cred-mech \
     --user \"selkies:\${TURN_RANDOM_PASSWORD}\" \

docker-compose.yml

@@ -0,0 +1,76 @@
+services:
+  xgl:
+    container_name: xgl
+    hostname: xgl
+    # Change tag `latest` to Ubuntu versions such as `24.04`
+    image: ghcr.io/selkies-project/nvidia-glx-desktop:latest
+    ports:
+    - '8080:8080'
+    stdin_open: true
+    tty: true
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: nvidia
+            count: 1
+            capabilities: [gpu]
+    tmpfs:
+    - '/dev/shm:rw'
+#    volumes:
+#    - 'xgl-cache-vol:/cache'
+#    - 'xgl-root-vol:/home/ubuntu'
+    # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster
+#    network_mode: 'host'
+    environment:
+    - TZ=UTC
+    - DISPLAY_SIZEW=1920
+    - DISPLAY_SIZEH=1080
+    - DISPLAY_REFRESH=60
+    - DISPLAY_DPI=96
+    - DISPLAY_CDEPTH=24
+    # With driver versions lower than 550, change to `DP-0` or any other `DP-*` port for larger resolution support if NOT using datacenter GPUs
+    - VIDEO_PORT=DFP
+    # User password of container
+    - PASSWD=mypasswd
+    # Uncomment to enable KasmVNC instead of Selkies-GStreamer, `SELKIES_BASIC_AUTH_PASSWORD` is used for authentication with KasmVNC, defaulting to `PASSWD` if not provided
+    # Uses: `SELKIES_ENABLE_BASIC_AUTH`, `SELKIES_BASIC_AUTH_USER`, `SELKIES_BASIC_AUTH_PASSWORD`, `SELKIES_ENABLE_RESIZE`, `SELKIES_ENABLE_HTTPS`, `SELKIES_HTTPS_CERT`, `SELKIES_HTTPS_KEY`
+#    - KASMVNC_ENABLE=true
+    ###
+    # Selkies-GStreamer parameters, for additional configurations see `selkies-gstreamer --help`
+    ###
+    # Change `SELKIES_ENCODER` to `x264enc`, `vp8enc`, or `vp9enc` if using software fallback without allocated GPUs or your GPU does not support `H.264 (AVCHD)` under the `NVENC - Encoding` section in https://developer.nvidia.com/video-encode-and-decode-gpu-support-matrix-new
+    - SELKIES_ENCODER=nvh264enc
+    - SELKIES_ENABLE_RESIZE=false
+    # Initial video bitrate in kilobits per second, may be changed later within web interface
+    - SELKIES_VIDEO_BITRATE=8000
+    # Initial frames per second, may be changed later within web interface
+    - SELKIES_FRAMERATE=60
+    # Initial audio bitrate in bits per second, may be changed later within web interface
+    - SELKIES_AUDIO_BITRATE=128000
+    # Uncomment if network conditions rapidly fluctuate
+#    - SELKIES_CONGESTION_CONTROL=true
+    # Enable basic authentication with the web interface
+    - SELKIES_ENABLE_BASIC_AUTH=true
+    # Defaults to `PASSWD` if unspecified
+#    - SELKIES_BASIC_AUTH_PASSWORD=mypasswd
+    # Enable HTTPS web interface from inside the container
+    - SELKIES_ENABLE_HTTPS=false
+    # Volume mount trusted HTTPS certificate to new path for no web browser warnings
+#    - SELKIES_HTTPS_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+#    - SELKIES_HTTPS_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
+    ###
+    # Uncomment and configure below to use a TURN server for improved network compatibility
+    ###
+#    - SELKIES_TURN_HOST=turn.example.com
+#    - SELKIES_TURN_PORT=3478
+    # Provide only `SELKIES_TURN_SHARED_SECRET` for time-limited shared secret authentication or both `SELKIES_TURN_USERNAME` and `SELKIES_TURN_PASSWORD` for legacy long-term authentication, but do not provide both authentication methods at the same time
+#    - SELKIES_TURN_SHARED_SECRET=n0TaRealCoTURNAuthSecretThatIsSixtyFourLengthsLongPlaceholdPlace
+#    - SELKIES_TURN_USERNAME=username
+#    - SELKIES_TURN_PASSWORD=mypasswd
+    # TURN REST URI authentication, all TURN server settings above are ignored if enabled
+#    - 'SELKIES_TURN_REST_URI=http://localhost:8008'
+    # Change to `tcp` if the UDP protocol is throttled or blocked in your client network, or when the TURN server does not support UDP
+#    - SELKIES_TURN_PROTOCOL=udp
+    # You need a valid hostname and a certificate from authorities such as ZeroSSL (Let's Encrypt may have issues) to enable this
+#    - SELKIES_TURN_TLS=false

entrypoint.sh

@@ -29,7 +29,7 @@ mkdir -pm777 /dev/input || sudo-root mkdir -pm777 /dev/input || echo 'Failed to
 touch /dev/input/js0 /dev/input/js1 /dev/input/js2 /dev/input/js3 || sudo-root touch /dev/input/js0 /dev/input/js1 /dev/input/js2 /dev/input/js3 || echo 'Failed to create joystick interposer devices'
 
 # Set default display
-export DISPLAY="${DISPLAY:-:0}"
+export DISPLAY="${DISPLAY:-:20}"
 # PipeWire-Pulse server socket location
 export PIPEWIRE_LATENCY="32/48000"
 export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}"

kasmvnc-entrypoint.sh

@@ -10,7 +10,7 @@ set -e
 until [ -d "${XDG_RUNTIME_DIR}" ]; do sleep 0.5; done
 
 # Set default display
-export DISPLAY="${DISPLAY:-:0}"
+export DISPLAY="${DISPLAY:-:20}"
 # PipeWire-Pulse server socket path
 export PIPEWIRE_LATENCY="32/48000"
 export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}"
@@ -52,7 +52,7 @@ server {
 }" | tee /etc/nginx/sites-available/default > /dev/null
 
 # Configure KasmVNC
-export KASM_DISPLAY=":50"
+export KASM_DISPLAY=":21"
 yq -i "
 .command_line.prompt = false |
 .desktop.resolution.width = ${DISPLAY_SIZEW} |

selkies-gstreamer-entrypoint.sh

@@ -10,7 +10,7 @@ set -e
 until [ -d "${XDG_RUNTIME_DIR}" ]; do sleep 0.5; done
 
 # Set default display
-export DISPLAY="${DISPLAY:-:0}"
+export DISPLAY="${DISPLAY:-:20}"
 # PipeWire-Pulse server socket path
 export PIPEWIRE_LATENCY="32/48000"
 export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}"

xgl.yml

@@ -17,11 +17,11 @@ spec:
         app: xgl
     spec:
       hostname: xgl
-      # Uncomment the below line to disable network isolation for WebRTC connectivity, may show an error if disallowed by the cluster
+      # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster
 #      hostNetwork: true
       containers:
       - name: xgl
-        # Change tag `latest` to Ubuntu version such as `24.04`
+        # Change tag `latest` to Ubuntu versions such as `24.04`
         image: ghcr.io/selkies-project/nvidia-glx-desktop:latest
         env:
         - name: TZ